month report

August 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

August 2018 closed with 1,057 published CVEs. 164 criticals, debian led volume, mostly via debian linux. Top weakness class — CWE-79 (144 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,057

— MoM— YoY

Severity mix

164 / 417

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.6%

27 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2757.9

n=27

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1320

n=8

Detection gap

KEV pressure, no Nuclei coverage

August 2018 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4microsoft60 CVE
KEV 4microsoft corp52 CVE

Weakness × Vendor

What's spreading where in August 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#9hewlett packard enterprise47 CVE
#14insteon24 CVE
#19open-emr20 CVE
#24[unknown]18 CVE
#26kaspersky lab14 CVE
#31ics-cert12 CVE
#34cisco systems, inc.11 CVE
#35intel corporation11 CVE
#39ca technologies10 CVE
#41q-cms10 CVE

Top vendors

Ranked by distinct CVE count this period.

1debian—
87 CVE6 critCVSS 7.1
Nuclei 4PoC 14
debian linux (86) · advanced package tool (1)
2redhat—
80 CVE8 critCVSS 7.1
Nuclei 1PoC 8
enterprise linux desktop (57) · enterprise linux workstation (57) · enterprise linux server (56)
3canonical—
60 CVE5 critCVSS 6.8
Nuclei 3PoC 5
ubuntu linux (59) · cloud-init (1)
4microsoft—
60 CVE2 critCVSS 7.1
KEV 4PoC 4
windows 10 (22) · windows 10 servers (22) · windows server 2016 (20)
5сообщество свободного программного обеспечения—
54 CVE8 critCVSS 7.0
Nuclei 2PoC 9
debian gnu/linux (47) · linux (9) · yum (1)
6microsoft corp—
52 CVE2 critCVSS 7.0
KEV 4PoC 4
windows server 1709 (server core installation) (21) · windows server 1803 (server core installation) (21) · windows 10 1709 (20)
7hp—
48 CVE15 critCVSS 8.7
Nuclei 1PoC 4
centralview fraud risk management (5) · aruba clearpass policy manager (5) · 3par service provider (5)
8ооо «русбитех-астра»—
48 CVE5 critCVSS 6.9
Nuclei 2PoC 7
astra linux special edition (40) · astra linux common edition (14) · astra linux special edition для «эльбрус» (8)
9hewlett packard enterprise—
47 CVE14 critCVSS 7.7
NEWNuclei 1PoC 3
hpe 3par service processors (6) · hpe centralview fraud risk management (5) · aruba clearpass (4)
10maven—
42 CVE2 critCVSS 6.5
KEV 1Nuclei 2PoC 3
org.jenkins-ci.main:jenkins-core (6) · org.apache.tomcat.embed:tomcat-embed-core (3) · de.tracetronic.jenkins.plugins:ecutest (2)
11ibm—
34 CVE1 critCVSS 5.7
security identity governance and intelligence (7) · maximo asset management (5) · rational doors next generation (3)
12google—
30 CVE4 critCVSS 7.3
PoC 1
chrome (25) · android (4) · fscrypt (1)
13samsung—
28 CVE14 critCVSS 9.0
PoC 9
sth-eth-250 firmware (26) · samsung (11) · smartthings hub sth-eth-250 (10)
14insteon—
24 CVE14 critCVSS 9.2
NEWPoC 8
hub firmware (17) · insteon (17) · hub 2245-222 firmware (5)
15canonical ltd.—
23 CVE2 critCVSS 6.9
Nuclei 1PoC 1
ubuntu (23)
16packagist—
23 CVE3 critCVSS 7.6
KEV 1Nuclei 1PoC 14
symfony/symfony (5) · pimcore/pimcore (3) · mantisbt/mantisbt (2)
17jenkins—
22 CVECVSS 6.1
PoC 1
jenkins (6) · tracetronic ecu-test (2) · email extension (1)
18cisco—
20 CVECVSS 6.0
web security appliance (3) · sf300-48 firmware (2) · sf300-48p firmware (2)
19open-emr—
20 CVE3 critCVSS 8.3
NEWNuclei 1PoC 9
openemr (20)
20apache software foundation—
19 CVE1 critCVSS 6.8
KEV 1Nuclei 3PoC 1
apache traffic server (5) · apache tomcat (3) · tomcat (2)
21apache—
18 CVE1 critCVSS 6.8
KEV 1Nuclei 3PoC 1
traffic server (5) · tomcat (3) · cayenne (1)
22cisco systems inc.—
18 CVECVSS 6.4
cisco web security appliance (3) · email security appliances (2) · cisco small business 300 series (2)
23rubygems—
18 CVE2 critCVSS 8.2
PoC 2
safemode (2) · activerecord (2) · active-support (1)
24[unknown]—
18 CVECVSS 6.3
NEWPoC 2
gnutls (3) · kernel (2) · ttembed (2)
25oracle—
17 CVE1 critCVSS 6.4
KEV 1Nuclei 3PoC 4
application testing suite (5) · jd edwards enterpriseone tools (4) · communications ip service activator (4)
26kaspersky lab—
14 CVE4 critCVSS 8.1
NEW
kraftway (6) · eltex esp-200 (5) · zipato zipabox smart home controller (3)
27novell inc.—
14 CVE3 critCVSS 7.0
PoC 2
opensuse leap (12) · suse linux enterprise server for sap applications (5) · suse linux enterprise server (5)
28adobe—
13 CVE6 critCVSS 8.3
PoC 1
flash player (5) · creative cloud (2) · acrobat dc (2)
29netapp—
13 CVE1 critCVSS 6.5
KEV 1Nuclei 2PoC 5
storage automation store (6) · data ontap edge (2) · oncommand workflow automation (2)
30pypi—
13 CVE3 critCVSS 7.4
Nuclei 2PoC 1
cobbler (4) · cloudtoken (1) · apache-airflow (1)
31ics-cert—
12 CVE3 critCVSS 8.4
NEW
netcomm wireless g lte light industrial m2m router (nwl-25) with firmware 2.0.29.11 and prior. (4) · cncsoft with screeneditor (2) · deltav (2)
32intel—
12 CVECVSS 6.7
core i7 (3) · core i3 (3) · core i5 (3)
33oracle corp.—
12 CVE1 critCVSS 6.5
Nuclei 2PoC 1
database server (5) · security service (4) · oracle communications ip service activator (4)
34cisco systems, inc.—
11 CVECVSS 6.9
NEW
small business 100 series wireless access points (2) · small business 300 series wireless access points (2) · digital network architecture (dna) center (1)
35intel corporation—
11 CVECVSS 7.1
NEW
multiple (3) · saffron memorybase (3) · smart sound technology (3)
36linux—
11 CVECVSS 6.7
PoC 3
linux kernel (11)
37nuget—
11 CVECVSS 7.7
PoC 2
microsoft.chakracore (10) · auth0-aspnet (1) · auth0-aspnet-owin (1)
38sap—
11 CVE1 critCVSS 7.4
businessobjects business intelligence (4) · sap businessobjects business intelligence (3) · supplier relationship management mdm catalog (2)
39ca technologies—
10 CVE4 critCVSS 8.2
NEWPoC 1
ppm (5) · unified infrastructure management (3) · release automation (1)
40npm—
10 CVE6 critCVSS 8.6
PoC 1
aedes (1) · cryo (1) · dojox (1)
41q-cms—
10 CVECVSS 5.3
NEWPoC 5
qcms (10)
42red hat—
10 CVECVSS 5.7
NEWPoC 1
keycloak (2) · ansible-tower (1) · brms (1)
43red hat inc.—
9 CVE1 critCVSS 7.1
Nuclei 1PoC 1
red hat enterprise linux (7) · jboss web server (1) · red hat enterprise mrg (1)
44xkbcommon—
9 CVECVSS 5.8
NEW
xkbcommon (9) · libxkbcommon (8)
45asustor—
8 CVE2 critCVSS 7.1
NEWNuclei 1PoC 6
data master (6) · asustor data master (2)
46dell—
8 CVECVSS 7.6
bsafe (4) · wyse management suite (1) · 2335dn engine firmware (1)
47siemens ag—
8 CVECVSS 6.2
Nuclei 1PoC 1
sinumerik tcu 30.3 (3) · simotion p320-4s (3) · sinumerik 840d sl (3)
48talos—
8 CVE4 critCVSS 8.6
NEWPoC 3
samsung (4) · insteon (2) · sony (2)
49tenable—
8 CVECVSS 6.6
PoC 4
asustor data master (6) · securitycenter (2)
50broadcom—
7 CVE3 critCVSS 8.0
PoC 1
project portfolio management (5) · release automation (1) · ca api developer portal (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	debian	87	6	·	4	Nuclei 4PoC 14	debian linux (86) · advanced package tool (1)	—
2	redhat	80	8	·	1	Nuclei 1PoC 8	enterprise linux desktop (57) · enterprise linux workstation (57) · enterprise linux server (56)	—
3	canonical	60	5	·	3	Nuclei 3PoC 5	ubuntu linux (59) · cloud-init (1)	—
4	microsoft	60	2	4	·	KEV 4PoC 4	windows 10 (22) · windows 10 servers (22) · windows server 2016 (20)	—
5	сообщество свободного программного обеспечения	54	8	·	2	Nuclei 2PoC 9	debian gnu/linux (47) · linux (9) · yum (1)	—
6	microsoft corp	52	2	4	·	KEV 4PoC 4	windows server 1709 (server core installation) (21) · windows server 1803 (server core installation) (21) · windows 10 1709 (20)	—
7	hp	48	15	·	1	Nuclei 1PoC 4	centralview fraud risk management (5) · aruba clearpass policy manager (5) · 3par service provider (5)	—
8	ооо «русбитех-астра»	48	5	·	2	Nuclei 2PoC 7	astra linux special edition (40) · astra linux common edition (14) · astra linux special edition для «эльбрус» (8)	—
9	hewlett packard enterprise	47	14	·	1	NEWNuclei 1PoC 3	hpe 3par service processors (6) · hpe centralview fraud risk management (5) · aruba clearpass (4)	—
10	maven	42	2	1	2	KEV 1Nuclei 2PoC 3	org.jenkins-ci.main:jenkins-core (6) · org.apache.tomcat.embed:tomcat-embed-core (3) · de.tracetronic.jenkins.plugins:ecutest (2)	—
11	ibm	34	1	·	·		security identity governance and intelligence (7) · maximo asset management (5) · rational doors next generation (3)	—
12	google	30	4	·	·	PoC 1	chrome (25) · android (4) · fscrypt (1)	—
13	samsung	28	14	·	·	PoC 9	sth-eth-250 firmware (26) · samsung (11) · smartthings hub sth-eth-250 (10)	—
14	insteon	24	14	·	·	NEWPoC 8	hub firmware (17) · insteon (17) · hub 2245-222 firmware (5)	—
15	canonical ltd.	23	2	·	1	Nuclei 1PoC 1	ubuntu (23)	—
16	packagist	23	3	1	1	KEV 1Nuclei 1PoC 14	symfony/symfony (5) · pimcore/pimcore (3) · mantisbt/mantisbt (2)	—
17	jenkins	22	·	·	·	PoC 1	jenkins (6) · tracetronic ecu-test (2) · email extension (1)	—
18	cisco	20	·	·	·		web security appliance (3) · sf300-48 firmware (2) · sf300-48p firmware (2)	—
19	open-emr	20	3	·	1	NEWNuclei 1PoC 9	openemr (20)	—
20	apache software foundation	19	1	1	3	KEV 1Nuclei 3PoC 1	apache traffic server (5) · apache tomcat (3) · tomcat (2)	—
21	apache	18	1	1	3	KEV 1Nuclei 3PoC 1	traffic server (5) · tomcat (3) · cayenne (1)	—
22	cisco systems inc.	18	·	·	·		cisco web security appliance (3) · email security appliances (2) · cisco small business 300 series (2)	—
23	rubygems	18	2	·	·	PoC 2	safemode (2) · activerecord (2) · active-support (1)	—
24	[unknown]	18	·	·	·	NEWPoC 2	gnutls (3) · kernel (2) · ttembed (2)	—
25	oracle	17	1	1	3	KEV 1Nuclei 3PoC 4	application testing suite (5) · jd edwards enterpriseone tools (4) · communications ip service activator (4)	—
26	kaspersky lab	14	4	·	·	NEW	kraftway (6) · eltex esp-200 (5) · zipato zipabox smart home controller (3)	—
27	novell inc.	14	3	·	·	PoC 2	opensuse leap (12) · suse linux enterprise server for sap applications (5) · suse linux enterprise server (5)	—
28	adobe	13	6	·	·	PoC 1	flash player (5) · creative cloud (2) · acrobat dc (2)	—
29	netapp	13	1	1	2	KEV 1Nuclei 2PoC 5	storage automation store (6) · data ontap edge (2) · oncommand workflow automation (2)	—
30	pypi	13	3	·	2	Nuclei 2PoC 1	cobbler (4) · cloudtoken (1) · apache-airflow (1)	—
31	ics-cert	12	3	·	·	NEW	netcomm wireless g lte light industrial m2m router (nwl-25) with firmware 2.0.29.11 and prior. (4) · cncsoft with screeneditor (2) · deltav (2)	—
32	intel	12	·	·	·		core i7 (3) · core i3 (3) · core i5 (3)	—
33	oracle corp.	12	1	·	2	Nuclei 2PoC 1	database server (5) · security service (4) · oracle communications ip service activator (4)	—
34	cisco systems, inc.	11	·	·	·	NEW	small business 100 series wireless access points (2) · small business 300 series wireless access points (2) · digital network architecture (dna) center (1)	—
35	intel corporation	11	·	·	·	NEW	multiple (3) · saffron memorybase (3) · smart sound technology (3)	—
36	linux	11	·	·	·	PoC 3	linux kernel (11)	—
37	nuget	11	·	·	·	PoC 2	microsoft.chakracore (10) · auth0-aspnet (1) · auth0-aspnet-owin (1)	—
38	sap	11	1	·	·		businessobjects business intelligence (4) · sap businessobjects business intelligence (3) · supplier relationship management mdm catalog (2)	—
39	ca technologies	10	4	·	·	NEWPoC 1	ppm (5) · unified infrastructure management (3) · release automation (1)	—
40	npm	10	6	·	·	PoC 1	aedes (1) · cryo (1) · dojox (1)	—
41	q-cms	10	·	·	·	NEWPoC 5	qcms (10)	—
42	red hat	10	·	·	·	NEWPoC 1	keycloak (2) · ansible-tower (1) · brms (1)	—
43	red hat inc.	9	1	·	1	Nuclei 1PoC 1	red hat enterprise linux (7) · jboss web server (1) · red hat enterprise mrg (1)	—
44	xkbcommon	9	·	·	·	NEW	xkbcommon (9) · libxkbcommon (8)	—
45	asustor	8	2	·	1	NEWNuclei 1PoC 6	data master (6) · asustor data master (2)	—
46	dell	8	·	·	·		bsafe (4) · wyse management suite (1) · 2335dn engine firmware (1)	—
47	siemens ag	8	·	·	1	Nuclei 1PoC 1	sinumerik tcu 30.3 (3) · simotion p320-4s (3) · sinumerik 840d sl (3)	—
48	talos	8	4	·	·	NEWPoC 3	samsung (4) · insteon (2) · sony (2)	—
49	tenable	8	·	·	·	PoC 4	asustor data master (6) · securitycenter (2)	—
50	broadcom	7	3	·	·	PoC 1	project portfolio management (5) · release automation (1) · ca api developer portal (1)	—